Skip to content
Contact us
  • There are no suggestions because the search field is empty.

xAPI Configuration

Learn how to configure xAPI in Security Journey to send training activity data to your learning record store (LRS).

xAPI Configuration

Summary

Security Journey supports xAPI integrations to send learner completion activity to a Learning Record Store (LRS). This article explains how to request xAPI access, configure your LRS connection, and understand the event types Security Journey sends.

What is xAPI used for?

xAPI allows Security Journey to push learner activity data (such as completions and pass/fail events) to an external system like an LRS or LMS.

Note: Security Journey’s xAPI integration is a one-way data push from Security Journey to your LRS.

Prerequisites

Before configuring xAPI, ensure you have:

  • Access to an LRS endpoint (example: SCORM Cloud, Learning Locker, etc.)

  • LRS credentials for one of the supported auth methods:

    • OAuth 2.0 (Client Credentials), or

    • Basic Authentication

  • Admin access in Security Journey

Request xAPI Enablement

xAPI is not enabled by default. To request access, contact your Account Manager or email support@securityjourney.com.

Supported Authentication Methods

Option 1: OAuth 2.0 (Client Credentials)

Security Journey supports the OAuth 2.0 Client Credentials flow.

You will need:

  • LRS URL

  • Token URL

  • Client Key

  • Client Secret

Option 2: Basic Authentication

Basic authentication uses a Base64-encoded username and password in the authorization header for each request.

You will need:

  • LRS URL

  • Username

  • Password

Configure xAPI in Security Journey

Once xAPI is enabled for your account:

  1. Go to Admin → Settings → LRS

  2. Select the lock icon (top-right) to unlock the settings

  3. Choose your authentication method:

    • Basic

    • OAuth 2.0

  4. Enter the values required for the selected method

  5. Save your changes

Events Sent to the LRS

Security Journey sends the following xAPI events:

  • Level Completed

  • Path Completed

  • Lesson Passed

  • Lesson Failed

Example xAPI Statements (JSON)

Below are sample xAPI statement payloads Security Journey may send.

Level Completed (Example)

{
  "actor": {
    "objectType": "Agent",
    "mbox": "mailto:learner@example.com",
    "name": "Learner Name"
  },
  "verb": {
    "id": "https://w3id.org/xapi/dod-isd/verbs/completed",
    "display": { "en-US": "completed" }
  },
  "object": {
    "id": "https://my.securityjourney.com/belts/1",
    "definition": { "name": { "en-US": "Foundational" } },
    "objectType": "Activity"
  },
  "timestamp": "2025-03-12T14:39:23.934Z",
  "version": "1.0.0"
}

Path Completed (Example)

{
  "actor": {
    "objectType": "Agent",
    "mbox": "mailto:learner@example.com",
    "name": "Learner Name"
  },
  "verb": {
    "id": "https://w3id.org/xapi/dod-isd/verbs/completed",
    "display": { "en-US": "completed" }
  },
  "object": {
    "id": "https://my.securityjourney.com/admin/roles/127",
    "definition": { "name": { "en-US": "Foundational: Web Developer" } },
    "objectType": "Activity"
  },
  "timestamp": "2025-02-14T16:17:37.917Z",
  "version": "1.0.0"
}

Lesson Passed (Example)

{
  "actor": {
    "objectType": "Agent",
    "mbox": "mailto:learner@example.com",
    "name": "Learner Name"
  },
  "verb": {
    "id": "https://w3id.org/xapi/dod-isd/verbs/passed",
    "display": { "en-US": "passed" }
  },
  "object": {
    "id": "https://my.securityjourney.com/belts/2/modules/230/lesson",
    "definition": { "name": { "en-US": "Broken Access Control" } },
    "objectType": "Activity"
  },
  "timestamp": "2025-03-03T21:06:13.083Z",
  "version": "1.0.0"
}

Lesson Failed (Example)

{
  "actor": {
    "objectType": "Agent",
    "mbox": "mailto:learner@example.com",
    "name": "Learner Name"
  },
  "verb": {
    "id": "https://w3id.org/xapi/dod-isd/verbs/failed",
    "display": { "en-US": "failed" }
  },
  "object": {
    "id": "https://my.securityjourney.com/belts/2/modules/230/lesson",
    "definition": { "name": { "en-US": "Broken Access Control" } },
    "objectType": "Activity"
  },
  "timestamp": "2025-03-03T21:06:13.083Z",
  "version": "1.0.0"
}

Troubleshooting

1) No statements are appearing in the LRS

  • Confirm xAPI is enabled for your account (contact support if unsure)

  • Verify the LRS URL is correct and accessible

  • Confirm credentials are valid (OAuth token endpoint, client key/secret, or username/password)

2) Authentication errors

  • For OAuth, verify:

    • Token URL is correct

    • Client Key/Secret match the LRS configuration

  • For Basic Auth, verify:

    • Username/password are correct

    • The LRS allows Basic Auth for the endpoint

3) Data looks incomplete or unexpected

  • Confirm which event types are expected (Level, Path, Lesson Pass/Fail)

  • Validate your LRS is not filtering or mapping xAPI statements incorrectly

FAQ

Does this push data both ways?
No. This is a one-way push from Security Journey to your LRS.

Can I send all lesson progress, not just pass/fail?
Currently, Security Journey sends the supported events listed above. Contact support if you need expanded event tracking.

Need Help?

If you need assistance enabling or configuring xAPI, contact your Account Manager or email support@securityjourney.com.